History

Ren Ren Juan c5fd23b54f Get new tree with state verified with current React Native on both platforms		2018-02-12 17:11:06 +00:00
..
lib	Get new tree with state verified with current React Native on both platforms	2018-02-12 17:11:06 +00:00
test	Get new tree with state verified with current React Native on both platforms	2018-02-12 17:11:06 +00:00
.npmignore	Get new tree with state verified with current React Native on both platforms	2018-02-12 17:11:06 +00:00
.travis.yml	Get new tree with state verified with current React Native on both platforms	2018-02-12 17:11:06 +00:00
LICENSE	Get new tree with state verified with current React Native on both platforms	2018-02-12 17:11:06 +00:00
README.md	Get new tree with state verified with current React Native on both platforms	2018-02-12 17:11:06 +00:00
appveyor.yml	Get new tree with state verified with current React Native on both platforms	2018-02-12 17:11:06 +00:00
package.json	Get new tree with state verified with current React Native on both platforms	2018-02-12 17:11:06 +00:00

README.md

Timing safe string compare using double HMAC

Prevents timing attacks using Brad Hill's Double HMAC pattern to perform secure string comparison. Double HMAC avoids the timing atacks by blinding the timing channel using random time per attempt comparison against iterative brute force attacks.

Install

npm install tsscmp

Why

To compare secret values like authentication tokens, passwords or capability urls so that timing information is not leaked to the attacker.

Example

var timingSafeCompare = require('tsscmp');

var sessionToken = '127e6fbfe24a750e72930c';
var givenToken = '127e6fbfe24a750e72930c';

if (timingSafeCompare(sessionToken, givenToken)) {
  console.log('good token');
} else {
  console.log('bad token');
}

##License: MIT

Credits to: @jsha | @bnoordhuis | @suryagh |